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-The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
THE REPLY FILED 07 November 2006 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1 . [3 The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of 

this application, applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which 
places the application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41.31; or (3) 
a Request for Continued Examination (RCE) in compliance with 37 CFR 1.114. The reply must be filed within one of the following 
time periods: 

a) ^ The period for reply expires 3_months from the mailing date of the final rejection. 

b) CH The period for reply expires on: (1 ) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In 

no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN 

TWO MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f). 
Extensions of time may be obtained under 37 CFR 1.136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee 
have been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee 
under 37 CFR 1.17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as 
set forth in (b) above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, 
may reduce any earned patent term adjustment. See 37 CFR 1 .704(b). 
NOTICE OF APPEAL 

2. □ The Notice of Appeal was filed on . A brief in compliance with 37 CFR 41 .37 must be filed within two months of the date of 

filing the Notice of Appeal (37 CFR 41.37(a)), or any extension thereof (37 CFR 41.37(e)), to avoid dismissal of the appeal. Since 
a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41.37(a). 
AMENDMENTS - 

3. □ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a) D They raise new issues that would require further consideration and/or search (see NOTE below); 

(b) D They raise the issue of new matter (see NOTE below); 

(c) □ They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 

appeal; and/or 

(d) D They present additional claims without canceling a corresponding number of finally rejected claims. 

NOTE: . (See 37 CFR 1.116 and 41 .33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1.121. See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. □ Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling the 

non-allowable claim(s). 

7. ^ For purposes of appeal, the proposed amendment(s): a) □ will not be entered, or b) IE! will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. 
The status of the claim(s) is (or will be) as follows: 

Claim(s) allowed: . 

Claim(s) objected to: . 

Claim(s) rejected: 1-24 . 

Claim(s) withdrawn from consideration: . 

AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary and 
was not earlier presented. See 37 CFR 1 .1 16(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41.33(d)(1). 

1 0. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REQUEST FOR RECONSIDERATION/OTHER 

1 1 . S The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 

See Continuation Sheet. 

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08) Paper No(s). 
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Continuation of 1 1. does NOT place the application in condition for allowance because: Examiner asserts that the argument presented by 
the applicant is not persuasive. Applicant's argued that some of the limitation recited in the independent claims are not disclosed by the 
reference on the record. 

For instance applicant argued that 

The reference on the record, namely, Draves, does not disclose the following limitations, 
"requesting to execute on the processor at least one of the plurality of instructions, or set of instructions by the software code running on 
the processor," 

and "providing that the second security ID matches the first security ID." 

Applicant has not amended any of the independent claims. Thus Examiner found that the rejection made in the previous office action is 
also applicable to the argument presented by the applicant. Furthermore, Applicant's argument filed on November 07, 2006 is found to be 
similar to the argument filed on June 13, 2006, thus response presented by the examiner in the previous office action is also relevant and 
applicable towards the present applicant argument. 

Referring to the independent claims 1, 9 and 17, it has been argued that, Draves, the reference on the record, does not teach restricting 
execution of security sensitive instructions by associating a first security identification (ID) with instructions and obtaining a second 
security ID associated with a software code (different than instruction(s)). Instead, Draves pairs two sets of handles with keys for a single 
or same item, i.e., a computer system resource shared between two different authorized processes ( a server and client process). By 
using the two sets of handles with keys for the shared resource, Draves ensures that two different authorized processes can access that 
shared resource. In this manner, Draves does not use two security IDS associated two different items (the requested instruction(s) and the 
software code) for restricting the execution of security sensitive instructions. Based on the above indicated legal standard, it is respectfully 
submitted that Draves fails to anticipate independent claims 1, 9. and 17. 

Examiner disagrees with the above argument, examiner would point out that Dravis on column 2, lines 27-31, disclose, the following. "The 
system provides for ensuring that a computer program is authorized to access a computer system resource. The system generates a 
system-wide resource table that has a resource entry for each allocated resource. Each resource entry contains a preferably non- 
forgeable key that uniquely identifies the resource. This indicates the fact that not only pairs keys are associated with both a single or 
same item, i.e., a computer system resource as but also associated several resources and each resources/items are also uniquely 
identified by the non-forgeable keys. 

Examiner would also asserts that Dravis on column 3, lines 42-48, discloses the following, "In a preferred embodiment, the kernel 
maintains a system-wide resource table that is a hash table and that contains a resource entry corresponding to each resource allocated 
by the kernel. The allocated resources are identified by a kernel-generated resource identifier. The system of the present invention uses 
resource identifiers that contain both a handle and a key (a handle.backstash.key pair)." 

This indicates the fact there is also several resources/items which are identified by the resource identifier or key pair. 
Dravis further discloses the following, "When a process wishes to access the allocated resource, it passes the handle.backslash.key pair 
to the kernel. The kernel examines the resource entry indexed by the passed handle to determine whether the passed key is equal to the 
key in the indexed resource entry. The keys may not be equal for several reasons, including resource table compaction and attempted 
forgery." [Column 3, lines 63-column 4, line 2]. This implies that the requesting process could be any process including an unauthorized 
process which is attempting forgery however forgery process is not able to access other resource that it is not authorized since it does not 
have the right key pair and the kernel denies this process from accessing the resources by matching the key with the resource it is 
requesting. 

Examiner would point out Dravis in support of this discloses the following: "When no such resource entry is found, the kernel denies the • 
process access to the resource. On the other hand, when a resource entry that contains a matching key is found, the kernel allows the 
process to access the resource." [Column 4, lines 7-10] 

Finally examiner asserts that Dravis on column 3, lines 39-41, discloses the main feature of the invention indicating that it is directed to a 
method and system providing secure access to resources. The system provides for ensuring that a computer program is authorized to 
access a computer system resource. And this implies that the invention is used to control access to any resources in the computer system 
by any computer programs. 

Therefore, in order to clarify how each and every limitation of the independent claims is disclosed by the reference on the record the 

examiner would show the independent claims 9, 1 and 1 7 as follows. 

As per independent claims 9, 1 and 17 Draves discloses an apparatus, comprising: 

A processor for running code thereon, [column 3, lines 39-42 and column 1, lines 1 1-22 and figure 2, ref. Num "250"] (As 
indicated on column 3, lines 39-42, the invention is directed towards a method and system in a kernel of an operating system for providing 
secure access to computer system resources. The OS kernel is inherently operates in the processor. And as it is indicated on column 1 , 
lines 39-42, the portion of the operating system that is responsible for the allocation and deallocation of resources is known as the kernel. 
The kernel interacts with the shell and other programs as well as with the hardware devices on the system, including the processor (also 
called the central processing unit or CPU), memory and disk drives.) 

For associating a first security identification (ID) with each of a plurality of instructions or a set of instructions that are to 
be executed by the processor; [column 3, lines 43-50 and column 3, lines 60-62] (As it is disclosed on column 3, lines 60-62, each 
process which is defined as concurrently executing computer programs on column 1, lines 14-15, meets the limitation each of a plurality of 
instructions or a set of instructions are inherently executed by the processor are associated with the resource identifier comprising the 
handle/key pair that is passed to the process/programs/set of instructions when requesting allocation of resources. Furthermore Draves on 
column 3, lines 43-50 discloses the following. In a preferred embodiment, the kernel maintains a system-wide resource table that is a hash 
table and that contains a resource entry corresponding to each resource allocated by the kernel. The allocated resources are identified by 
a kernel-generated resource identifier. The system of the present invention uses resource identifiers that contain both a handle and a key 
(a handle.backslash.key pair). The key is a very large number (e.g., 128 bits) that uniquely identifies the resource) Wherein 

The processor receives [column 3, lines 63-65; The OS kernel is inherently operates in the processor] a request to execute at 
least one of the plurality of instructions or set of instructions by the code running thereon obtains a second security ID associated with 
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the code, [column 3, lines 60- 62 and column 3, lines 39-41] (As it is disclosed on column 3, lines 60-62, each process requesting the 
allocation of resource which is defined as concurrently executing computer programs on column 1, lines 14-15, meets the limitation, a 
request to execute at least one of the plurality of instructions or set of instructions by the code running thereon obtains resource identifier 
comprising the handle/key pair that is uniquely identify the resources as explained on column 49-51 meets the limitation of obtaining a 
second security ID associated with the process/program/code) 

Compares the second security ID with the first security ID, and executes the requested instruction or set of instructions providing 
that the second security ID matches the first security ID. [Column 4 f lines 8-10] (When a matching key is found, the kernel allows the 
process to access/executes the requested instruction or set of instructions /resource/program as explained on column 4, lines 8-10) 
Therefore the second security ID could be provided to a program which is attempting forgery, however would not be able to access the 
requested resources since its security ID/indentifier/Key pair would not be the same with the first Security ID which is provided to some 
other program. In other words application programs as explained on column 23-25 such as word programs and spreadsheet program 
could have a shared memory but one of the program would be able to access the resource of the other program if and only if it has one 
and the same key pairs/identifier otherwise it would be denied as explained on column 3, lines 60-column 4, line 11]. This is some thing 
which is inherently included in the reference on the record and is not something which is not supported or created by the Examiner. 
Therefore each and every limitations of the independent claims are disclosed by the reference on the record namely Draves. 
The next argument by the applicant is referring to the dependent claims 4-6, 12-14 and 20-22. 

Examiner disagrees with this argument, as dependent claims stands and falls with the corresponding independent claims. 
As to the argument made to the motivation, It is not necessary that the reference actually suggest, expressly or in so many words, the 
changes or improvements that applicant has made. The text for combining references is what the references as a whole would have 
suggested to one of ordinary skill in the art. See In re Sheckle, 168 USPQ 716 (CCPA 1971) In re McLaghin 170 USPQ 209 (CCPA 1971). 
In re Young 159 USPQ 725 (CCPA 1968). 

Examiner would like to point out that though the disclosure itself contains some novel contribution, the independent 
claims have not yet been written to reflect the invention. The independent claims have not yet been amended/written to overcome the 
rejection set forth in the final office action. Examiner would consider allowing the case if appropriate amendment is made without 
introducing a new matter. However, the examiner believes that since no appropriate amendment is made to at least the independent 
claims the rejections remains valid. 
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